Privacy Notice - Patients & People Who Use Our Services

St Rocco’s Hospice (the hospice) is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you. The hospice is responsible for deciding how we hold and use personal information about you. This makes us a “data controller”. The hospice will comply with all legislation, including the relevant Data Protection legislation, guidelines and the Care Quality Commission (CQC) guidance on patients’ personal information (Regulation 17 Good Governance of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014).

About St Rocco’s Hospice
The hospice provides specialist palliative care services for residents of Warrington. The services are provided free of charge to people living with life limiting illnesses and those who are important to them. We have an inpatient unit, outpatient clinics and a day attendance Vitality Centre which includes occupational and complementary therapies, physiotherapy, counselling and emotional care services.

The hospice is committed to being transparent about how it handles your personal information and protects its privacy and security, and to meeting its data protection obligations under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information both during and after your care with the hospice. We are required under the GDPR to notify you of the information contained in this privacy notice.

Who we are

Within the context of this notice ‘we’, ‘us’, ‘our’ and ‘the hospice’ refers to:

St. Rocco’s Hospice, which is a charitable company registered in England and Wales as a company limited by guarantee under company number 1565543 and with charity registration number 511592. St Rocco’s Hospice is the data controller in respect of all personal data collected on our Website and is also the registered data controller in respect of all other personal data collected.

Data Protection Law
We collect your personal information in order to provide you with the most appropriate care and to document the delivery of your care. We may also collect personal data which relates to you from third parties, e.g. when you are referred to us by another professional involved in your care. We ensure, prior to processing your personal data for any purpose, that the law allows us to do this.

We process your personal data in accordance with the General Data Protection Regulation (GDPR), Data Protection Act 2018, or for other lawful reasons.
Data Protection law says that the personal information we hold about you must be:

  1. Used lawfully, fairly and in a transparent manner
  2. Collected only for legitimate purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  3. Relevant to the purposes we have told you about and limited only to those purposes
  4. Accurate and kept up to date
  5. Kept only as long as necessary for the purposes we have told you about
  6. Stored securely

Consent
If you have provided your consent to record, hold and use your personal data for a specific purpose that is not part of your care, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please see ‘How to contact us’ below.

Once we have received notification that you have withdrawn your consent, we will no longer process your information for that specific purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.

Privacy of information
Personal data is information that can identify an individual, e.g. name, address, date of birth. Special category data is personal information such as health, racial or ethnic origin and religious beliefs.

The hospice will safeguard patients’ privacy by only collecting the information we need in order to provide the right level of care. The hospice will ensure that the information we collect is kept confidential and handled responsibly and in accordance with legal requirements. We will ensure data is kept up to date and reviewed regularly to ensure data is both accurate and not kept longer than necessary.

All personal and sensitive information is treated as strictly confidential unless we have consent, or the law permits us, to share it in any way.

Keeping your personal information up-to-date
Always tell us when your information changes, such as your GP, address, telephone number, next of kin/emergency contact details, or if you feel we should add something about you to your records.

How we hold information about you
The hospice holds records about you concerning any of our services you have received. A personal record will be set up to keep important information about the care you receive in any of our services. We use this information to make sure that you receive the best possible care. Some of your records are held in paper format and some on computer systems, but all are kept securely.

Information we hold about you
Records may include one or more of the following information:

  • Basic details about you such as your name, address, date of birth and NHS number
  • Contacts we have had with you
  • Notes and reports about assessments and care provided
  • Next of kin details, and other family and friends contact details
  • Letters to others relating to your care, e.g. GP or social services
  • Information from others involved in your care
  • This list is not exhaustive

Special category personal information
Special categories of particularly sensitive personal information require higher levels of protection e.g. information about your health. We need to have further justification for collecting, storing and using this type of personal information.
We may process special categories of personal information in the following circumstances:

  • When it is needed to assess and provide the care and support services for you
  • When we need to carry out our legal obligations

We do not need your consent if we use special categories of your personal information to carry out our legal obligations.

How we may use information about you
The hospice uses your personal data in various areas of our work, including:

  • The provision of care and support services
  • To ensure the health and safety of staff, other patients and the general public accessing our building
  • To provide you with information about other services available to you through the hospice and third parties connected with us
  • Monitoring of equal opportunities
  • Seeking views or comments on the services we provide
  • Notifying you of changes to our service
  • For audit purposes
  • To process and respond to requests, enquiries and complaints received from you
  • For statutory and regulatory compliance

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • To meet the contract provision of care and support services
  • Where we need to comply with a legal obligation
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
  • Where we need to protect your interest, or someone else’s interests
  • Where it is needed in the public interest or for official purposes

Information Sharing
Information is primarily shared to enable us to provide a service to our patients, although there are times when we are legally obliged to share data. Where we share data we always make sure that the organisations understand that the information must be used for the reasons we have specified and must be kept safe and secure.
In some cases, where the law allows, we may have to share your data with third parties, e.g.

  • The NHS
  • Local authorities and Social Services
  • The NHS via the Clinical Commissioning Group
  • The Care Quality Commission
  • Health and Social Care professionals outside the hospice
  • The Ambulance Service
  • Contractors
  • Legal advisors
  • Fire and Rescue Services
  • Government departments

We may share your personal information with third parties where required by law when it is necessary to co-ordinate services for you, or where we have another legitimate interest in doing so.

We require third parties to take appropriate security measures to protect your personal information in line with the law.

National Data Opt out

How the NHS and care services use your information

St Rocco’s Hospice is one of many organisations working in the health and care system to improve care for patients and the public. 

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified, in which case your confidential patient information isn't needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out, your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • See the situations where the opt-out will not apply

If you wish to set/change your opt-out by phone, you can do this by calling 0300 303 5678.

You can also find out more about how patient information is used at:

https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and

https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations must put systems and processes in place by 31st March 2020 so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.

Transferring information outside the European Union
We will not transfer the personal information we collect about you outside the EU.
There are some exceptions to this e.g. if you ask us to provide information about you to a company outside of the United Kingdom or the EU.

Keeping your data secure
The hospice values your privacy and confidentiality.
All information you provide is stored in accordance with the GDPR and Data Protection Act 2018.

We undertake to treat any personal information (which means data from which you can be identified, including your name, address, email address, etc.) that you provide to us or that we obtain from other people, in accordance with this privacy notice and the provisions of the GDPR and Data Protection Act 2018, or any amendment to it. We may analyse and will anonymise the personal information supplied to improve the services we offer.

We will make every endeavour to ensure the security of your information. The hospice will ensure data is kept securely using:

  • Locked filing cabinets kept in secure office accommodation.
  • Secure computer systems. Any records held electronically will be protected by appropriate security arrangements that prevent unauthorised access.
     

To prevent unauthorised access and to maintain data accuracy, the hospice uses reasonable physical, electronic and managerial procedures to safeguard and secure the information it collects.

The hospice recognises the importance of safeguarding personal information in our possession from theft, inappropriate use or improper distribution. It should, however, be recognised that no organisation can absolutely protect personal information at all times.

We have put in place procedures to deal with any suspected or actual data security breach and will notify you where we are legally required to do so.

How long we keep your information for
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.


To determine the appropriate retention period for personal data, we follow the Records Management Code of Practice for Health and Social Care 2016, which is a guide to use in managing records, based on current legal requirements and professional best practice.
You can see this at: https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/records-management-code-of-practice-for-health-and-social-care-2016

From this, the hospice has created an Information Retention, Storage and Disposal Policy.
We may continue to process your personal data after you leave the hospice for a short period, e.g. for audit and financial reasons. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
 

Your Rights
Under certain circumstances, by law you have the right:

  1. To be informed – this enables you to be informed how we process your data, by way of this privacy notice
  2. Of access – this enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
  3. To rectification – this enables you to have any incomplete or inaccurate information we hold about you corrected
  4. To erasure – this enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it
  5. To restrict processing – this enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it
  6. To data portability – this enables you to transfer your electronic personal information to another party
  7. To object – this enables you to object where we are processing your personal information for direct marketing purposes
  8. To be informed in relation to automated decision making & profiling – this enables you to be told if we process your data using automated software

Right of Access
The GDPR gives people the right to see the information we hold on them by making a ‘Subject Access Request.’

  • You can apply to see your records either orally or in writing
  • We will provide copies of your records within one calendar month
  • In general, we will provide access to everything we hold about you. Any information relating to another patient or individual will be withheld for confidentiality reasons. Certain exemptions may apply, which means we have to withhold information, for example when disclosure may cause you or anyone else harm.

You will not have to pay a fee to access your personal information. However, we may charge a reasonable fee if you require second copies or access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
 

To make a request, please see ‘How to contact us’ below.

A letter will be sent to you to confirm receipt of your request. We will also enclose a form and instructions which can help you to provide the detail we need to comply with your request. You do not need to use the form but please give as much information as possible to help us respond to your request, including:

  • Your full name, address and contact telephone number
  • Proof of identity
  • Details of the specific information you require and any relevant dates
 

Confidentiality
Your information is kept confidential at all times and is only shared with people who need the information to support you effectively, and the law allows us to do this. All hospice staff are bound by strict professional and contractual codes of confidentiality and by UK law.

Staff Responsibilities
It is important that our staff understand their responsibilities in respect of our patients’ right to privacy. All hospice staff are contractually bound by St Rocco’s Hospice Data Protection and Information Security policies.

Monitoring
We will review our privacy notices regularly in order to continuously improve our services and performance.

Equality and Diversity
For the hospice, diversity is about respecting the differences of our individual patients, partners and staff, ensuring that all people that come into contact with us have access to the same high standards of behaviour and service. We will communicate with patients in the way that suits them wherever possible. We aim to provide information that is easy to understand and to communicate in an appropriate way.

For further information
If you have a question about your information you can discuss this with the person providing your care.

How to contact us
If you need to contact the hospice in relation to any aspect of your care please use the following methods as appropriate:

If you wish to withdraw your consent, please provide all the relevant details of the consent to be withdrawn and contact:

By email:         myconsent@stroccos.org.uk
By post:           Patient Consent, St Rocco’s Hospice, Lockton Lane, Warrington, WA5 0BW

If you wish to make a subject access request, or exercise any of your data rights please contact:

By email:         informationgovernance@stroccos.org.uk
By post:           Subject Access Requests, St Rocco’s Hospice, Lockton Lane, Warrington, WA5 0BW

If you have any questions about this privacy notice, please contact our Data Protection Officer:

By email:       dpo@stroccos.org.uk

If you wish to make a complaint please contact:

By email:         enquiries@stroccos.org.uk
By post:           Complaints, St Rocco’s Hospice, Lockton Lane, Warrington, WA5 0BW

Additional Contact Information

If you believe that the hospice has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.

The ICO contact details are: https://ico.org.uk/
Helpline: 0303 123 1113
(local rate – calls to this number cost the same as calls to 01 or 02 numbers).

Live chat: allows you to have an online conversation with someone at the ICO.
 

Email: To ask the ICO something by email, just fill in the form at:
https://ico.org.uk/global/contact-us/email/

Transferring personal information outside the European Economic Area

The hospice will not transfer your personal information to countries outside the European Economic Area.

Automated decision making 

Automated decision making occurs when an electronic system uses your personal information to make a decision without human intervention.

We do not carry out any automated decision making and, as such, no employment decisions will be taken about you based on automated decision making.

We do not carry out any automated decision making and, as such, no decisions will be taken about you based on automated decision making.

Changes to this Privacy Notice
The hospice reserves the right to update or amend this privacy notice at any time, including where the hospice intends to further process your personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.

We suggest that to protect your interests you visit our website and check the privacy notice on a periodic basis.